If you are installing BWC on a host you don’t have
direct (or VPN) network access to (such as an AWS instance
with only private IP addresses), you may find you have some
level of difficulty connecting to the webui.

Typically you might try to simply create an SSH tunnel
through a bastion host, and then hit a URL on localhost, such
as https://localhost:8443/. Doing so, though, you will likely
see an error message, such as Unabletoreachauthservice.[auth:true].

Because of the way the webui authentication works, the browser
will likely be provided with URLs for the auth service that
don’t actually map to your “tunnel URLs”.

The easiest solution to bypass this problem, assuming you
don’t have the ability to get a proper VPN set up between
your networks, is to use SSH not to create tunnels, but as an
SSH proxy, such as by doing: ssh-N-D7654bastion_host.
This command, using -N, will not yield a command prompt.

Then, configure your browser to use localhost:7654 as a SOCKS5
proxy. At this point, you should be able to connect to the
BWC webui using the private IP address, which will be proxied
through your SSH session, and all should just work at that point.